Latest revision as of 14:26, 26 April 2013

The following information assumes that you are migrating to Cisco Unified MeetingPlace Release 8.5 from a previous release. Release 8.5 does not support deployments with MeetingPlace-scheduling for new installations. If you are completing a new installation for an audio-only deployment, see system requirements for Audio-Only deployments.

The MeetingPlace-scheduling deployment supports a maximum of two nodes in an active/standby configuration.

One Application Server is deployed as "Primary" and one is optionally deployed as "Standby" (multinode deployment is not supported with the MeetingPlace-scheduling model).

The Cisco Unified MeetingPlace integration for Microsoft Outlook scheduling is included on the Application Server.

The Express Media Server is a set of software modules that reside on the Application Server. During installation, you will have the option to choose either the Hardware Media Server or the Express Media Server. For details about the EMS, see the Express Media Server Requirements.

CUCM 8.0(3) is the only release that supports SIP Refers for multinode Cisco Unified MeetingPlace systems (WebEx-scheduling deployments). If you require this support, open a case with Cisco TAC against the Cisco Unified Communications Manager to obtain the latest Engineering Special (ES) or Service Update (SU) version of CUCM 8.0(3).

This version is included with Cisco Unified MeetingPlace Web Release 8.5 and is supported for local SQL Server deployments.

Microsoft SQL Server 2008 Standard Edition

This version is supported for remote SQL Server deployments only.

Notes:

You must install and configure your SQL Server to be case-insensitive. If you configure your SQL Server to be case-sensitive, the Web Server will not function properly.

All SQL Servers are required to be local to the Cisco Unified MeetingPlace server that is handling the replication. SQL Servers can be “remote” in that they are installed on separate machines within a local data center. However, this release of Cisco Unified MeetingPlace does not support attaching to an SQL Server in a remote data center.

Additional Requirements

Make sure that all corporate fonts and standard Microsoft fonts, including Microsoft PowerPoint fonts, are installed.

Web Server software does not support "thin clients" (Citrix or Terminal Server).

Cisco WebEx Node does not support any HTTP or SOCKS proxy servers. Allow direct access to the WebEx Site IPs through firewall settings.

Cisco WebEx Node is currently not supported with the WebEx Global Site Backup system. If you want a fully redundant option with GSB, submit a new WebEx Node request to WebEx Provisioning to deploy a redundant node that is ‘homed’ to the GSB data center instead of the primary. You must deploy an MCS or UCS with the Cisco WebEx Node for MCS software for this function in your network.

Event Center and Training Center are not supported on Apple Mac systems.

Event Center supports the Audio Broadcast feature that reduces the need for all participants to dial into a MeetingPlace audio meeting. Connection to the audio system is limited to those participants designated as Speakers. All other attendees receive the audio, video, and web conferencing components in multiple HTTPS streams via their PC.

If your site is on a version earlier than WBS 27 SP25, contact your Cisco WebEx Customer Support Engineer (CSE) to request an upgrade to the minimum version required for use with Cisco Unified MeetingPlace Release 8.5.

You must have both WBS 27 SP27 and WebEx XML API Release 5.7 or later to use the WebEx-MeetingPlace Automatic Configuration feature.

WBS27 FR23 and later offers a new capability for supporting Dual Audio vendors on the same WebEx Site. For more information, see the "New Features" section of the Release Notes for Cisco Unified MeetingPlace Release 8.5.

The WebEx end-user client interface supports any HTTP or SOCKS proxy server based on browser settings.

Cisco Unified MeetingPlace PhoneView

Cisco Unified MeetingPlace PhoneView is available only to Cisco Unified IP Phones that are registered to Cisco Unified Communications Manager.

Cisco Unified MeetingPlace PhoneView is not supported with the following:

Failover Requirements

To configure failover, you need two Application Servers with a high-speed network connection (preferably 100 Mbps or better) between them. Failover configuration requires the following:

When you configure the Application Server for the Express Media Server, both the primary and secondary failover Express Media Servers must have the same licenses and port distribution for scheduled and ad-hoc meetings.

The time must be synchronized between the two Application Servers. This is required to resolve conflicts when the same piece of data is modified simultaneously in both Application Servers.

If the primary and failover Application Servers share a common set of Audio and Video Blades, you must add all the Audio Blades to both Application Servers. Be sure to use the same passwords and SNMP community names on the two systems, or the failover mechanism will not work.

Note: Directory Service between two Application Servers is not supported in a failover deployment.

Directory Services Requirement

Cisco Unified MeetingPlace Directory Service enables you to populate and synchronize the Cisco Unified MeetingPlace user database with the contents of the Cisco Unified Communications Manager (CUCM) user database, as well as provide encrypted end-user authentication. The CUCM user database is typically integrated with an LDAP directory. CUCM end-user authentication also supports secure LDAP (sLDAP) configuration. The following LDAP directories are supported by Cisco Unified Communications Manager to MeetingPlace Directory Service:

Cisco Unified MeetingPlace Directory Service (via Cisco Unified Communications Manager LDAP integration) may also be optionally configured to work with WebEx to provide on-premises end-user authentication and automatic profile propagation to WebEx for "host" accounts. This must be requested upon provisioning of the WebEx Site at installation. The MeetingPlace to WebEx LDAP integration is called Directory Service "SSO" (Single Sign On), which is optional based on customer requirements for LDAP use. No passwords are stored on WebEx or passed to the WebEx cloud for authentication.

All "Host" users must be able to resolve the fully qualified domain name (FQDN) of the Cisco Unified MeetingPlace Application Server, which is deployed behind the company firewall; for instance, they must be on the corporate network and VPN connection before "hosting" any meetings. If your profiled users cannot access the corporate network, then a non-Directory Service implementation is advised. MeetingPlace profiles can be exported and imported into the WebEx Site via the Administration interface using Excel CSV formatted files.

To enable secure end-user authentication via MeetingPlace/WebEx SSO integration, you must install an SSL certificate on the Application Server for secure user ID and password authentication to LDAP (via Cisco Unified Communications Manager AXL interfaces). End-user authentication may also be done via the internal MeetingPlace Web Server with the following five options:

MeetingPlace local username/password

LDAP - this supports multidomain environments

LDAP, then MeetingPlace - this supports single domain environments only

Windows Integrated Authentication (WIA) - all MeetingPlace profiled users must use Windows OS and the MeetingPlace Web server must be able to join the domain.

Third Party Authentication Servers - supports Siteminder and others

Web HTTP

License Requirements

This release of Cisco Unified MeetingPlace uses active host-based licensing. The system uses an audit mechanism to track the number of users who have actively created meetings and compares that to the number of licenses that are installed. An alarm is raised when the number of users who create meetings exceeds the number of licenses installed.

Licenses are for both audio conferencing and standards-based video conferencing in Cisco Unified MeetingPlace.

If you have no licenses installed, the system will allow only a single meeting at a time.

If you are completing a Cisco UCS installation under VMware, note that the Cisco Unified MeetingPlace system produces a randomly generated 12-digit "MAC address" that you will require for licensing. To obtain the MAC address, make sure that you install the Meeting Directors first. You can then obtain the randomly generated MAC address and register your license key.

Network Requirements

DNS Recommendations

All FQDNs of Meeting Director Nodes (if applicable), Conferencing Nodes and Cisco WebEx Nodes are required for DNS resolution between all servers

No multiple names to IPs

Reverse IP lookup required

Classless DNS not supported

CUCM needs to have DNS enabled to resolve the MP hostnames for the SIP Refer commands to be successful.

Ports

This section lists the incoming and outgoing ports that are used by the various components of the Cisco Unified MeetingPlace Release 8.5 system. The information refers to MeetingPlace-scheduling deployment options.

Use these tables to make sure that your firewalls do not block access to Cisco Unified MeetingPlace from users or integrated systems, and to make sure that you do not block communication among the Cisco Unified MeetingPlace components and servers.

The ports that you do not need to expose to system administrators or end users are used for local communication between the Cisco Unified MeetingPlace elements or between Cisco Unified MeetingPlace and local services such as Cisco Unified Communications Manager or Microsoft Exchange. Such ports should be blocked in the DMZ or external firewall, but should not be blocked between internal components of the Cisco Unified MeetingPlace solution.

Administrator web access for both MeetingPlace Applications Admin and Cisco WebEx Site Admin

Expose to system administrators

| Protocol | Source | Destination | Transport | Port | Usage | Notes |
|---|---|---|---|---|---|---|
| SNMP | Administrator PC | Application Server | UDP | 161 | SNMP configuration | Expose to system administrators; optional |
| MP_REPL | Application Server 1 | Application Server 2 | TCP | 2008 | Database replication between the active and standby servers for Application Server failover | Optional; only if failover is configured |
| GWSIM | External Web Server | Application Servers | TCP | 5003, 5005 | Receive attachments from the external Web Server to Application Servers (active server and standby server, if one exists) in segmented meeting access configurations. | Expose to Web Server in the DMZ. Used in segmented meeting access configurations. If you configured your network for reverse connection, where your Web Servers are configured with a Cisco Unified MeetingPlace hostname instead of an IP address, the Application Server can initiate a reverse connection to the Web Server in the DMZ when port 5003 inbound is blocked. |

For external users to participate in web meetings, access must be granted from the Internet to the Web Server in the DMZ. However, access to port 80 may be closed if the Web Server is configured for HTTPS and you open TCP port 443.

| Protocol | Source | Destination | Transport | Port | Usage | Notes |
|---|---|---|---|---|---|---|
| HTTPS | Administrator PC | Web Server | TCP | 443 | Client communication for secure user web access | (Optional) Expose to system administrators and end users. If you have external users, then grant access from the Internet to the Web Server in the DMZ. |
| SQL | Web Server | SQL Server database | TCP | 1433 | Communication between the Web Server and the SQL Server database | -- |
| Control connection | Web Servers | Application Servers | TCP | 5003 | Control connection between Web Servers and the Application Server | Expose to Application Server |

Cisco WebEx Node for MCS (including WebEx Cloud)

HTTP/HTTPS/WebEx Meeting Protocol

Meeting client, browser

Meeting Server in Cisco WebEx Node

TCP

443

Check meeting status, internal

Checking time from the NTP server

The Cisco WebEx Site will redirect to the Cisco WebEx Node if configured.

This is an optional configuration that is not used unless you specifically configure it. The standard SOCKS port is 1080 but is configurable. Other types of proxies (such as HTTP) are not supported by Cisco Unified MeetingPlace for Cisco WebEx connectivity.

| Protocol | Source | Destination | Transport | Port | Usage | Notes |
|---|---|---|---|---|---|---|
| -- | External Web Server | Application Servers | TCP | 5003, 5005 | Control connection between the external Web Server and Application Servers (active server and standby server, if one exists) in segmented meeting access configurations | Open bidirectional. If you configured your network for reverse connection, where your Web Servers are configured with a Cisco Unified MeetingPlace hostname instead of an IP address, the Application Server can initiate a reverse connection to the Web Server in the DMZ when port 5003 inbound is blocked. |

Cisco WebEx Node for MCS (including Cisco WebEx Cloud)

| Protocol | Source | Destination | Transport | Port | Usage | Notes |
|---|---|---|---|---|---|---|
| HTTPS | Cisco WebEx Node for MCS | Cisco WebEx cloud | TCP | 443 | Tunnel control and meeting information from the Cisco WebEx Node to the Cisco WebEx cloud. Multiple outbound TCP 443 connections will be created to the Cisco WebEx cloud as external meetings are started. Shared content is sent to the Cisco WebEx cloud for guest users to view during meetings. No Web HTTPS or SOCKS proxy is allowed from the Cisco WebEx Node to the Cisco WebEx cloud. | Only outbound firewall to Internet, these TCP connections also check for NTP clocking to synch to the Cisco WebEx cloud for correct conferencing time coordination. |
| -- | Cisco WebEx Node for MCS | Application Server | TCP | 22 | Recording use | -- |
| -- | Cisco WebEx Node for MCS | Application Server | TCP | 7676 | Accept the connection from the Cisco WebEx Node | -- |

Web Server

| Protocol | Source | Destination | Transport | Port | Usage | Notes |
|---|---|---|---|---|---|---|
| NTP | Web Servers | Application Servers | UDP | 123 | Time synchronization | -- |
| Control connection | Web Servers | Application Server | TCP | 5003 | Control connection between Web Servers and the Application Server | -- |
| -- | External Web Server | Application Servers | TCP | 5003, 5005 | Control connection between the external Web Server and Application Servers (active server and standby server, if one exists) in segmented meeting access configurations | Open bidirectional. If you configured your network for reverse connection, where your Web Servers are configured with a Cisco Unified MeetingPlace hostname instead of an IP address, the Application Server can initiate a reverse connection to the Web Server in the DMZ when port 5003 inbound is blocked. |

Application Server to Web Server Connectivity

Note: Cisco Unified MeetingPlace Web Servers are only required in MeetingPlace-scheduling deployments. They are optional in audio-only deployments depending on your deployment requirements.

Confirm that the system meets the following requirements so that the Web Server can communicate with the Application Server:

The Web Server must be able to communicate with the Application Server on TCP port 5003. This can be achieved by opening port 5003 inbound from the Web Server to the Application Server, in which case the normal registration mechanism will operate. Alternately, the Application Server can initiate a reverse (outbound) connection to the Web Server. For the reverse connection to be initiated, you must enter the MeetingPlace Server name as an IP address instead of a hostname during the Web Server installation. You will also have to manually configure this Web Server unit on the Application Server.

Connectivity between the Web Server and the Application Server is of high quality and not subject to interruptions because of traffic congestion. Any time the round-trip latency exceeds 100 ms or there is more than 1 percent packet loss, you should expect a noticeable reduction in service quality.

TCP port 61004 must be open inbound from the Web Server to the Application Server. There is no "reverse" connection mechanism for this port.

Cisco recommends opening UDP port 123 (NTP) bidirectionally between the Web Server and the Application Server. This is used for time synchronization. Alternate time synchronization mechanisms may be used, but any significant clock drift will result in failures.
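The port guidance above can be checked against a firewall ruleset mechanically. The following is an added example, not Cisco tooling: it flags inter-component ports left reachable from the Internet and required flows that a ruleset blocks, including the rule that port 5003 has a reverse-connection fallback while port 61004 does not. The `Flow` type, the zone labels (`internet`, `dmz_web`, `web`, `app`, `app_standby`, `sql`, `webex_node`) and the sample ruleset are assumptions constructed for the example.

```python
from typing import NamedTuple

class Flow(NamedTuple):
    src: str    # zone/role labels are constructed for this example
    dst: str
    proto: str
    port: int

# Only traffic the page grants to Internet users: HTTP/HTTPS to the DMZ Web Server.
INTERNET_OK = {Flow("internet", "dmz_web", "tcp", 80),
               Flow("internet", "dmz_web", "tcp", 443)}

def required_flows(failover=False, reverse_connection=False):
    """Inter-component flows from the port tables that firewalls must not block."""
    req = {Flow("web", "sql", "tcp", 1433),           # Web Server to SQL Server
           Flow("webex_node", "app", "tcp", 7676),    # WebEx Node to Application Server
           Flow("dmz_web", "app", "tcp", 5005)}       # segmented meeting access
    for web in ("web", "dmz_web"):
        req.add(Flow(web, "app", "tcp", 61004))       # no reverse mechanism for this port
        req.add(Flow(web, "app", "udp", 123))         # NTP (recommended by the page)
        if not reverse_connection:                    # else the Application Server dials out
            req.add(Flow(web, "app", "tcp", 5003))
    if failover:
        req.add(Flow("app", "app_standby", "tcp", 2008))  # MP_REPL replication
    return req

def audit(allowed, **deployment):
    """Return sorted findings for a set of Flows the firewalls permit."""
    allowed = set(allowed)
    exposed = [f"EXPOSED internet->{f.dst} {f.proto}/{f.port}"
               for f in allowed if f.src == "internet" and f not in INTERNET_OK]
    missing = [f"MISSING {f.src}->{f.dst} {f.proto}/{f.port}"
               for f in required_flows(**deployment) - allowed]
    return sorted(exposed + missing)

# Constructed ruleset: SQL left reachable from the Internet, 61004 forgotten in the DMZ.
SAMPLE = required_flows(failover=True) | INTERNET_OK | {Flow("internet", "sql", "tcp", 1433)}
SAMPLE -= {Flow("dmz_web", "app", "tcp", 61004)}

if __name__ == "__main__":
    for line in audit(SAMPLE, failover=True):
        print(line)
```
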

Integration Requirements

Note: The Cisco Unified MeetingPlace integrations for IBM Lotus Notes and Microsoft Outlook are only supported if your deployment is configured for MeetingPlace-scheduling or audio-only. Deployments configured for WebEx-scheduling use WebEx Productivity Tools.